This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Fix writing beyond array bounds in codecvt/unshift/char/1.cc

From: Alexander Monakov <amonakov at ispras dot ru>
To: gcc-patches at gcc dot gnu dot org
Cc: Benjamin Kosnik <bkoz at redhat dot com>
Date: Tue, 13 Apr 2010 18:26:06 +0400 (MSD)
Subject: Fix writing beyond array bounds in codecvt/unshift/char/1.cc

Hi,

'size' definition seemingly does not account for a zero byte, and thus strcpy
call near the end of the test overwrites one byte beyond allocated memory,
which may lead to spurious test failures.  The patch simply bumps size to 24.
OK for trunk?

2010-04-13  Alexander Monakov  <amonakov@ispras.ru>

	* 22_locale/codecvt/unshift/char/1.cc (test01): Increase size to avoid
	writing past allocated memory.

diff --git a/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc b/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc
index ba417af..8a45efc 100644
--- a/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc
+++ b/libstdc++-v3/testsuite/22_locale/codecvt/unshift/char/1.cc
@@ -35,7 +35,7 @@ void test01()
   bool test __attribute__((unused)) = true;
   const char* 		c_lit = "black pearl jasmine tea";
   const char* 	        from_next;
-  int 			size = 23;
+  int 			size = 24;
   char* 		c_arr = new char[size];
   char*                 c_ref = new char[size];
   char*			to_next;

Follow-Ups:
- Re: Fix writing beyond array bounds in codecvt/unshift/char/1.cc
  - From: Andreas Schwab

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]